You are here

Deep Learning for Android Application Ransomware Detection

Download pdf | Full Screen View

Date Issued:
2018
Abstract/Description:
Smartphones and mobile tablets are rapidly growing, and very important nowadays. The most popular mobile operating system since 2012 has been Android. Android is an open source platform that allows developers to take full advantage of both the operating system and the applications itself. However, due to the open source community of an Android platform, some Android developers took advantage of this and created countless malicious applications such as Trojan, Malware, and Ransomware. All which are currently hidden in a large number of benign apps in official Android markets, such as Google PlayStore, and Amazon. Ransomware is a malware that once infected the victim’s device. It will encrypt files, unlock device system, and display a popup message which asks the victim to pay ransom in order to unlock their device or system which may include medical devices that connect through the internet. In this research, we propose to combine permission and API calls, then use Deep Learning techniques to detect ransomware apps from the Android market. Permissions setting and API calls are extracted from each app file by using a python library called AndroGuard. We are using Permissions and API call features to characterize each application, which can identify which application has potential to be ransomware or is benign. We implement our Android Ransomware Detection framework based on Keras, which uses MLP with back-propagation and a supervised algorithm. We used our method with experiments based on real-world applications with over 2000 benign applications and 1000 ransomware applications. The dataset came from ARGUS’s lab [1] which validated algorithm performance and selected the best architecture for the multi-layer perceptron (MLP) by trained our dataset with 6 various of MLP structures. Our experiments and validations show that the MLPs have over 3 hidden layers with medium sized of neurons achieved good results on both accuracy and AUC score of 98%. The worst score is approximately 45% to 60% and are from MLPs that have 2 hidden layers with large number of neurons.
Title: Deep Learning for Android Application Ransomware Detection.
510 views
460 downloads
Name(s): Wongsupa, Panupong, author
Zhu, Xingquan, Thesis advisor
Florida Atlantic University, Degree grantor
College of Engineering and Computer Science
Department of Computer and Electrical Engineering and Computer Science
Type of Resource: text
Genre: Electronic Thesis Or Dissertation
Date Created: 2018
Date Issued: 2018
Publisher: Florida Atlantic University
Place of Publication: Boca Raton, Fla.
Physical Form: application/pdf
Extent: 79 p.
Language(s): English
Abstract/Description: Smartphones and mobile tablets are rapidly growing, and very important nowadays. The most popular mobile operating system since 2012 has been Android. Android is an open source platform that allows developers to take full advantage of both the operating system and the applications itself. However, due to the open source community of an Android platform, some Android developers took advantage of this and created countless malicious applications such as Trojan, Malware, and Ransomware. All which are currently hidden in a large number of benign apps in official Android markets, such as Google PlayStore, and Amazon. Ransomware is a malware that once infected the victim’s device. It will encrypt files, unlock device system, and display a popup message which asks the victim to pay ransom in order to unlock their device or system which may include medical devices that connect through the internet. In this research, we propose to combine permission and API calls, then use Deep Learning techniques to detect ransomware apps from the Android market. Permissions setting and API calls are extracted from each app file by using a python library called AndroGuard. We are using Permissions and API call features to characterize each application, which can identify which application has potential to be ransomware or is benign. We implement our Android Ransomware Detection framework based on Keras, which uses MLP with back-propagation and a supervised algorithm. We used our method with experiments based on real-world applications with over 2000 benign applications and 1000 ransomware applications. The dataset came from ARGUS’s lab [1] which validated algorithm performance and selected the best architecture for the multi-layer perceptron (MLP) by trained our dataset with 6 various of MLP structures. Our experiments and validations show that the MLPs have over 3 hidden layers with medium sized of neurons achieved good results on both accuracy and AUC score of 98%. The worst score is approximately 45% to 60% and are from MLPs that have 2 hidden layers with large number of neurons.
Identifier: FA00013151 (IID)
Degree granted: Thesis (M.S.)--Florida Atlantic University, 2018.
Collection: FAU Electronic Theses and Dissertations Collection
Note(s): Includes bibliography.
Subject(s): Deep learning
Android (Electronic resource)--Security measures
Malware (Computer software)--Prevention
Held by: Florida Atlantic University Libraries
Sublocation: Digital Library
Persistent Link to This Record: http://purl.flvc.org/fau/fd/FA00013151
Use and Reproduction: Copyright © is held by the author with permission granted to Florida Atlantic University to digitize, archive and distribute this item for non-profit research and educational purposes. Any reuse of this item in excess of fair use or other copyright exemptions requires permission of the copyright holder.
Use and Reproduction: http://rightsstatements.org/vocab/InC/1.0/
Host Institution: FAU
Is Part of Series: Florida Atlantic University Digital Library Collections.